Cybersecurity in 2019: Two Attacks Server Admins Should Prepare For

The cybersecurity landscape evolves. New technologies breed new attacks. Motivated criminals seek out novel vectors and vulnerabilities. Changes in consumer behavior open lucrative new avenues of attack. As server administrators fight back, attackers double down or focus on neglected weaknesses. Server administrators should invest their limited time where it will have the most impact. They must understand today’s threat landscape to effectively fight back.

The basics of server security do not evolve quickly. Software should be updated, firewalls configured, passwords chosen carefully, and the attack surface minimized. But server security is never a sure bet. Attackers get lucky, and administrators need to know what to look for. In 2019, two types of attack will be of growing concern. They are not new attacks — those are inherently unpredictable — but they will be the most common source of pain over the coming year.

Supply-Chain Attacks

No website is an island. We build websites and web applications on the work of other developers, often open source developers. Our sites rely on third-party libraries, plugins, and frameworks. We pull libraries from CDNs to save on bandwidth and reduce latency. Every piece of third-party software running on your server or your users’ browsers is an opportunity for attackers to hit you in the supply chain.

Supply-chain attacks attract criminals because they have a compelling cost-benefit ratio. Hack a popular project, inject a snippet of JavaScript, and you own every site that imports that project’s software. The MageCart credit card scraper largely spreads through supply-chain attacks. WordPress users have been the victims of malware-infested plugins on several occasions over the past year.

Supply-chain attacks are pernicious because you may never know the malicious software is there. Your server security isn’t breached and there are few tell-tale signs. Vigilance is the best mitigation: scrutinize third-party libraries and keep abreast of security news relating to the software you use. Subresource Integrity and Content Security Policy can limit the effect of a successful supply-chain attack.
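As an added illustration (not part of the original post), the Python sketch below shows how Subresource Integrity pins a third-party file to its exact contents and how an administrator could audit a page for cross-origin scripts and stylesheets that are not pinned. The function names, the `example.test` hosts and the sample file contents are constructed for this example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash algorithms SRI accepts

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Value for integrity="" that pins this exact file content."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def sri_matches(content: bytes, integrity: str) -> bool:
    """Mirror the browser check: only the strongest listed algorithm counts."""
    tokens = [t.split("?")[0].split("-", 1) for t in integrity.split()]
    known = [(t[0], t[1]) for t in tokens if len(t) == 2 and t[0] in STRENGTH]
    if not known:
        return False  # audit choice: unusable metadata is reported as a failure
    best = max((alg for alg, _ in known), key=STRENGTH.get)
    return any(sri_hash(content, a) == f"{a}-{h}" for a, h in known if a == best)

class ExternalResourceAudit(HTMLParser):
    """Collect cross-origin scripts and stylesheets that have no integrity value."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host, self.unpinned = site_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and a.get("rel") == "stylesheet"
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        host = urlparse(url or "").netloc
        if host and host != self.site_host and not a.get("integrity"):
            self.unpinned.append(url)

def find_unpinned(html: str, site_host: str) -> list:
    parser = ExternalResourceAudit(site_host)
    parser.feed(html)
    return parser.unpinned

# Constructed sample data (hypothetical hosts): a library file, a modified copy, a page.
LIB = b"function slider(){/* constructed library body */}\n"
TAMPERED = LIB + b"/* unexpected extra code */\n"
SAMPLE_PAGE = f"""
<script src="/js/app.js"></script>
<script src="https://cdn.example.test/slider.js" integrity="{sri_hash(LIB)}" crossorigin="anonymous"></script>
<script src="https://widgets.example.test/chat.js"></script>
<link rel="stylesheet" href="//fonts.example.test/site.css">
"""
```

Calling `find_unpinned(SAMPLE_PAGE, "www.example.test")` lists the two resources a browser would load without any integrity check, and `sri_matches(TAMPERED, sri_hash(LIB))` returns `False`, which is the condition under which a browser refuses to run the modified file.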

Cryptomining Malware

Cryptomining attacks — sometimes called cryptojacking — are becoming more popular than ransomware. They’re easier to carry out and give attackers a better ROI with lower administrative overheads. Cryptomining malware was a growing threat in 2018, and the trend will continue in 2019. In 2018, the number of cryptomining attacks increased by 83 percent.

Cryptojacking attacks aim to run cryptomining software on servers and, more often, on users’ browsers. The malware exploits server and user hardware to mine cryptocurrencies. Before the software can run, an attacker must compromise the server or site, which they may achieve through a supply-chain attack, a brute-force attack, or the exploitation of a software vulnerability.

Many cryptojacking attacks use the coinhive.js library. If it is running on your server without your permission, then it’s likely that your server, or software you depend on, has been compromised. Recent cryptomining attacks are sneakier, and it can be difficult to discover the malware once it has been injected into code on your site or application. The best defense is to prevent the malware from infecting your files by following the security best practices mentioned at the top of this post.